Types of Malware Attacks
30 Questions

Questions and Answers

What is the primary purpose of a phishing attack?

  • To exploit vulnerabilities in a SQL database
  • To intercept and alter communications between two parties
  • To trick victims into revealing sensitive information (correct)
  • To disrupt online services by flooding them with requests

Which type of attack typically uses multiple compromised devices to overwhelm a target?

  • Denial of Service (DoS)
  • Distributed Denial of Service (DDoS) (correct)
  • Phishing Attack
  • Brute Force Attack

What occurs during a Man-in-the-Middle (MitM) attack?

  • SQL code is manipulated through user input fields
  • Communications are intercepted and altered between two parties (correct)
  • Malicious scripts are injected into trusted websites
  • Attackers flood a system with requests

How do SQL Injection (SQLi) attacks primarily function?

  • By inputting malicious SQL code through user input fields

What is the main goal of a Cross-Site Scripting (XSS) attack?

  • To steal sensitive data using malicious scripts

What characterizes a brute force attack?

  • Systematically trying all possible combinations to guess passwords

Which of the following techniques is NOT commonly associated with password attacks?

  • Eavesdropping

What technique do attackers often use in a dictionary attack?

  • Using commonly used words or phrases to crack passwords

Which malware type interrupts communication between two parties without their knowledge?

  • Man-in-the-Middle (MitM) attack

What is the effect of a Denial of Service (DoS) attack?

  • It floods a system making it unavailable to legitimate users

What is a supply chain attack primarily targeting?

  • Vulnerabilities in hardware or software

Which tool is commonly used for capturing unencrypted data in transit?

  • Wireshark

What does cryptojacking primarily involve?

  • Mining cryptocurrency using victim's resources

What is a common characteristic of DNS spoofing?

  • Injecting false DNS information

What characterizes a ransomware attack?

  • It encrypts files and demands a ransom for restoration.

In a watering hole attack, the attackers compromise which type of resource?

  • Specific websites frequented by a target group

Which type of devices are targeted in IoT-based attacks?

  • Smart home devices

Which of the following is a common technique used in social engineering attacks?

  • Baiting

Why are zero-day attacks particularly dangerous?

  • They exploit vulnerabilities that are unknown to the vendor.

How does cryptojacking usually propagate?

  • Infected software downloads

What type of attack could involve the installation of malware during manufacturing?

  • Supply chain attack

An advanced persistent threat (APT) is characterized by which of the following?

  • Long-term infiltration of a network for espionage.

What is a drive-by download attack?

  • Malicious software is downloaded without user interaction.

What is a potential consequence of DNS spoofing?

  • Redirecting users to phishing sites

What best describes an insider threat?

  • Harmful actions taken by someone within the organization.

Which attack utilizes compromised industry-specific websites to target users?

  • Watering hole attack

Session hijacking allows attackers to do what?

  • Impersonate a user by taking control of their session.

What is the primary goal of an eavesdropping attack?

  • To listen in on network traffic and steal sensitive data.

Which type of attack typically does NOT require user interaction?

  • Drive-by download attack

Which option best describes the exploitation of vulnerabilities in a zero-day attack?

  • The vulnerabilities are unknown to the vendor at the time of the attack.

Study Notes

Types of Malware Attacks

  • Phishing: A social engineering attack tricking victims into providing sensitive information like passwords or credit card details. It often uses deceptive emails, messages, or websites that appear legitimate. Commonly used to distribute malware or steal login credentials.

Types of Attacks (Continued)

  • Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS): DoS floods a system with excessive requests to make it unavailable to legitimate users. DDoS uses multiple compromised devices (botnets) for large-scale attacks. Disrupts services, causing downtime and financial losses. Examples include SYN flood, HTTP flood, Ping of Death.

  • Man-in-the-Middle (MitM) Attack: Attackers intercept and alter communication between two parties without their knowledge. Often used to steal sensitive data, eavesdrop on conversations, or inject malicious content. Can occur over unsecured networks (e.g., public Wi-Fi) or through compromised routers.

  • SQL Injection (SQLi): Exploits vulnerabilities in an application's SQL database queries. Attackers inject malicious SQL code through user input fields (login forms) to manipulate the database. Can lead to unauthorized access, data deletion, or database control. Examples include Blind SQL injection, Union-based SQL injection.

  • Cross-Site Scripting (XSS): Injects malicious scripts (usually JavaScript) into trusted websites. The script runs in a victim's browser, allowing attackers to steal session cookies, credentials, or deliver malware. Common in websites allowing user-generated content without validation.

  • Brute Force Attack: Attempts to guess passwords, encryption keys, or login credentials by systematically trying all possible combinations. Can be time-consuming without additional tools, but effective against weak passwords. Variations include dictionary attacks and credential stuffing.

  • Password Attack: Attackers try to steal or crack user passwords using various techniques like brute force, dictionary attacks, and rainbow tables (precomputed hash lookups). May also involve phishing, keylogging, or social engineering.

  • Ransomware Attack: Malware encrypts files or locks users out of their system, demanding a ransom (typically cryptocurrency) to restore access. Spreads through phishing emails, malicious downloads, or vulnerabilities. Targets individuals, businesses, and critical infrastructure. Examples include WannaCry, Ryuk, REvil.

  • Social Engineering Attack: Relies on psychological manipulation to trick individuals into divulging confidential information or performing harmful actions. Common tactics include impersonation, pretexting, baiting, and tailgating. Used to bypass security measures like firewalls and encryption.

  • Zero-Day Attack: Targets unknown vulnerabilities in software or hardware that haven't been patched by the vendor. Can cause significant damage before detection or mitigation. Exploits can be sold on the dark web or used in espionage campaigns. Examples include Stuxnet, Operation Aurora.

Types of Attacks (Continued)

  • Advanced Persistent Threat (APT): A long-term, targeted attack where attackers infiltrate a network and remain undetected for an extended period. Typically used for espionage, stealing intellectual property, or data exfiltration. Often state-sponsored or carried out by well-funded groups.

  • Drive-By Download Attack: Downloads malicious software by simply visiting a compromised or malicious website. Does not require user interaction (e.g., clicking a link). Often exploits vulnerabilities in browsers or plugins. Examples include Malvertising (malicious ads) and Watering hole attacks.

  • Insider Threat: A malicious attack carried out by someone within an organization. The insider may be an employee, contractor, or partner with legitimate access. Motivations may include financial gain, revenge, or corporate espionage.

  • Session Hijacking: Attackers take control of a user's session by stealing or predicting session tokens. Common in web applications, allowing impersonation. Often occurs when session management is not secure, such as in HTTP cookies.

  • Eavesdropping Attack (Sniffing): Attackers listen in on network traffic to steal sensitive data like passwords or credit card information. Usually conducted on unsecured networks or via compromised network devices. Tools like packet sniffers are used to capture unencrypted data in transit. Examples of tools include Wireshark, tcpdump.

  • Supply Chain Attack: Targets vulnerabilities in the supply chain of hardware, software, or service providers to compromise the end-user. Can involve malware installation during manufacturing, distribution, or software updates. Allows attackers to infiltrate highly trusted systems. Examples include SolarWinds attack, Target breach.

  • Cryptojacking: Attackers hijack a victim's computer or network resources to mine cryptocurrency. Operates in the background, often without the user's knowledge, causing system slowdowns or overheating. Spreads through malicious websites, ads, or infected software downloads. Examples include Coinhive, PowerGhost.

  • DNS Spoofing (DNS Cache Poisoning): Manipulates the DNS resolution process to redirect users to malicious websites instead of legitimate ones. Attackers inject false DNS information into the cache. Used to steal sensitive information or infect systems with malware. Tools include dnsspoof, Ettercap.

  • Watering Hole Attack: Attackers compromise a specific website or online resource frequently visited by a target group. Infects users with malware or redirects them to malicious pages. Often used in highly targeted attacks. Examples include compromised industry-specific websites.

  • IoT-Based Attacks: Exploits vulnerabilities in Internet of Things (IoT) devices. Devices often lack strong security measures, making them vulnerable to botnets or remote control. Used in large-scale DDoS attacks, data breaches, or for spying. Examples include Mirai botnet.

Description

Test your knowledge on various types of malware attacks including phishing, DoS, and Man-in-the-Middle attacks. Understand how these attacks function, their impacts, and the methods used by attackers. This quiz will help solidify your understanding of cybersecurity threats.